import requests
from header import HEADERS2
import os
import io
import sys
# 强制标准输出使用UTF-8编码
sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8')

url = "http://localhost:8080/checker/list"
payload = "<script>alert('XSS')</script>"

params = {
    "fileName": payload,
    "page": 1,
    "pageSize": 10
}

# headers = {
#     "Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiY2hlY2tlciIsImV4cCI6MTc1MzU2MzM1MSwidXNlcklkIjoyfQ.5Bh7Kll6Npvlg5rK0MmD9HD1P1aPZxXPW8xPsI3T7SA",  # 假设是 JWT
#     "X-Nonce": "0d945d10-75a7-41b0-a0dc-2b23f7743dd2",                   # 如果你的系统有这个要求
#     "Content-Type": "application/json"
# }

response = requests.get(url, params=params, headers=HEADERS2 )

print("=== 带 Token 和 Nonce 的 XSS 实测 ===")
print("请求URL：", response.url)
print("状态码：", response.status_code)
print("响应内容：\n", response.text)

# 获取当前文件的绝对路径
# current_file_path = os.path.abspath(__file__)
#
# current_floder_path = ''
#
# for item in current_file_path.split('/')[:-1]:
#     current_floder_path+=item
#     current_floder_path+='/'
#print("当前文件夹绝对路径:", current_floder_path)
current_file_path = os.path.abspath(__file__)
current_floder_path = os.path.dirname(current_file_path) + os.sep  # 自动用当前系统分隔符
print("当前文件夹绝对路径:", current_floder_path)

with open(current_floder_path+'XssAttackGeNFile.txt','w',encoding = 'utf-8') as f:
    f.write("=== 带 Token 和 Nonce 的 XSS 实测 ===\n")
    f.write("请求URL：" + str(response.url))
    f.write('\n')
    f.write("状态码：" + str(response.status_code))
    f.write("响应内容：\n")
    f.write(str(response.text))
    f.write('\n')